Director of Privacy Compliance

If you’ve been looking for an opportunity to build the nation’s best privacy program from the ground up inside an innovative health-tech company, this is the role for you.

Headway is looking for a Director of Privacy Compliance to be a key member of Headway’s Compliance team, supporting our cross-functional compliance effort. You will work closely with the Head of Compliance to support a rapidly scaling mental healthcare company by partnering with key stakeholders to implement privacy compliance efforts and programs.

We're seeking a leader with expertise in healthcare compliance, who is also proactive, forward-thinking, and able to navigate and thrive in ambiguity. You will be vital to our ability to partner with payers across the nation and solve various complex issues that arise as we change the behavioral health landscape.  

You will: 

• Collaborate with the Security & Privacy teams to ensure operational alignment between security and privacy programs
• Partner with stakeholders to identify, document, and mitigate privacy risks
• Support new and existing products, technologies, and vendor relationships by ensuring privacy risks are evaluated and mitigated
• Provide technical and regulatory guidance to all departments on privacy compliance matters to ensure compliance with applicable regulations and standards
• Contribute to the risk management strategic plan
• Manage privacy incidents and breach notifications required by federal and state law, serving as liaison with federal and state oversight agencies
• Develop and lead strategic role-specific trainings
• Drive cross functional communication and training across the company to ensure compliance with company privacy policies, data-handling policies and procedures, and legal obligations
• Manage data subject requests (DSRs) related to privacy inquiries
• Contribute to security and privacy audits
• Continuously improve privacy and security practices, policies, and standards
• Maintain current and operational knowledge of applicable federal and state privacy laws and regulations including, but not limited to:
• Health Insurance Portability and Accountability Act (HIPAA)
• California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
• My Health My Data Act (MHMDA)
• Confidentiality of Medical Information Act (CMIA)
• Foster a culture of compliance and ethical behavior within our company
• Provide regular compliance reports on the operation, efficacy, and progress of compliance efforts, violations, and risks

You will love this role if: 

• You have 8+ years of experience in privacy compliance or healthcare-related operations, legal, auditing, consulting, or the equivalent combination of experience
• You are deeply knowledgeable on privacy laws, payer requirements, and health care regulation more broadly
• You have proven experience in developing compliance frameworks and leading privacy initiatives as part of a compliance-focused team
• You function well in a high-paced environment and are able to quickly adapt to changing priorities and situations
• You engage, inspire, build credibility, and trust across all levels of the company
• You have the ability to disseminate and translate complex regulatory requirements into actionable requirements
• You have exceptional communication, organizational, project management, and prioritization skills
• You are certified in relevant areas such as Healthcare Compliance (CHC) or certified in Healthcare Privacy Compliance (CHPC)

Compensation and Benefits:

• Salary information is based on a single salary target per role and is differentiated based on geographic location (Group A, B, or C)
• Group A: $210,000
• Group B: $189,000 
• Group C: $168,000
• Examples of cities located in each Compensation Grouping:
• Group A = NYC, SF/Bay Area, LA Area, Seattle, Boston, Austin, and San Diego
• Group B = Chicago, Miami, Denver, Washington DC, Philadelphia, Atlanta, Minneapolis, Nashville, Sacramento, Phoenix, and Portland
• Group C = All remaining cities 

• Benefits offered include:
• Equity Compensation
• Medical, Dental, and Vision coverage
• HSA / FSA
• 401K
• Work-from-Home Stipend
• Therapy Reimbursement
• 16-week parental leave for eligible employees
• Carrot Fertility annual reimbursement and membership
• 13 paid holidays each year as well as a Holiday Break during the week between December 25th and December 31st
• Flexible PTO
• Employee Assistance Program (EAP)
• Training and professional development